Note From The Author, Gus
Thank you for visiting our site. I hope the information herein was useful to you. Should you have additional PC-related questions or problems, click for help: FREE Tech Support Request. Stop searching and get solutions!
Though we have written a number of articles related to wireless security, I felt it prudent to write specifically about Wi-Fi hotspot security concerns. Security is vital more than ever, as we are increasing our use of wireless devices.
Suffice to say, security importance has not kept up with the exploding grow of wireless device use. We all take it for granted. We buy a laptop and head out on the road, never considering for longer than a moment how secure the hotspot we connect to is. Well, doesn’t the service provider have some responsibility to provide a secure connection, you may ask? Good question, though how many of you have actually read the TOS of the hotspot you’re connecting to?
In this article, we’ll briefly review what is wireless security, available wireless adapter security settings, types of network attacks, explain the nuances of Wi-Fi hotspots, and thoughts on how to better protect your wireless network and hotspot connections.
In general, wireless network security is a simple process of encrypting data sent from one device to another. But let’s start by providing a basic understanding of wireless communications.
The technology to make wireless networking possible is nothing new; it uses FM radio waves to transmit data. When discussing terminology, there are two basic aspects. There are the protocols (most recognized as 802.11 b/g/n) used to make wireless data transfers possible, and there are standards so wireless adapters can communicate with each other.
The protocols were set by the IEEE (Institute of Electrical and Electronics Engineers), which is a non-profit association headquartered in the U.S. As a leading electrical and communications association, the IEEE makes and maintains standards.
Wi-Fi is a brand name and trademark of the Wi-Fi Alliance. As with much of everything else, Wi-Fi became the standard that manufacturers used in developing their wireless adapters, and today, more than 800 million devices utilize this standard.
Unlike wired communications, wireless signals have no boundaries, allowing any device with the ability to receive the signal an opportunity to use the connection. This is where security comes into play. Generally speaking, we know wireless security best as encryption protocols in our wireless routers. Such protocols include WEP, WPA, and WPA2/PSK.
Let’s review these security protocols basic encryption settings.
It was not too long ago that manufacturers shipped routers with wireless security turned OFF. Yeah, can you imagine that? You may recall the issue of Google obtaining networking-related information from homes and businesses as it roamed our streets in their Street View vehicles. This was made possible by thousands of wireless routers active without security enabled. In May of 2010, Google finally acknowledged the privacy problem, but claimed the collection of personal data and wireless-related information had been inadvertent, and blamed an unnamed engineer for adding the detection software code.
Today, you will find wireless routers sold on the market to typically have at least minimal encryption enabled, such as WEP. The below protocols are listed in strength, with WPA2/PSK being the strongest security protocol.
WEP: Wired Equivalent Privacy is the original encryption method created for wireless communications. Though WEP is still available in modern wireless networking, it should not be listed under wireless security best practices, and should be considered obsolete, as numerous vulnerabilities exist for this setting.
WPA: Wi-Fi Protected Access was the successor of WEP, to plug the security holes of WEP. For those still running Windows XP operating system, you will need to have at least SP2 (Service Pack 2) installed in order to connect to WPA-encrypted networks.
WPA2/PSK: The most recent adaptation of WPA. This is considered the strongest, non-proprietary encryption available on the 802.11x protocol. For ease of use, the PSK version refers to a Pre-Shared Key setup, that does not require an enormous amount of administrating to connect a device to a network.
To better understand wireless security, it may be best to discuss how hackers can access Wi-Fi- networks.
As stated in our previous section, WEP should be considered obsolete, and not utilized if other options are available. Here are a few attacks hackers have used to access wireless LAN’s…
Insertion Attacks: This is fairly basic…if your client admin does not have a user-generated password, it would be easy for a hacker to connect to your network with a wireless device. Please see our article on security settings so you may set all available security.
Unsecured Configuration: As previously mentioned, check your wireless router to assure security is enabled. Without it, a hacker doesn’t even need to hack your connection, you are allowing him in.
DoS Attacks: Though this is not a means to initially, and directly access your network, a hacker can send what is called a DoS attack that will prevent encrypted data from gaining access. Often, people turn off security to get a connection, whereby, opening up the network to the hacker. This now allows the hacker direct access to your network.
Traffic Monitoring: Though this is not an attack on your network, per-say, it does allow the hacker to view your personal Internet traffic.
Client Attacks: If a client device, connected to the network does not have proper security, a hacker needs only to hack his way onto your device, and piggyback the connection to your network.
There’s a hotspot almost everywhere you venture; 400+ million noted hotspots around the world today, and counting. A hotspot comes in two basic types; closed public network, and an open, free network. Closed hotspot networks are typically fee-based Internet access, much like what you may get in most airports. Open, free hotspots, are typically unsecured open Internet access networks, and usually requires nothing more than an email address.
The topic of this article relates to the open hotspots you find in many cafe’s, or coffee shops. The problem with most open hotspots is limited, or no wireless LAN security. The provider is much like any other network, using an Internet modem to connect to the public network, with a wireless router, or wireless access points.
Let’s now take a look at hotspot security.
Taking the route that the vast majority of wireless hotspot users don’t review the TOS, most would probably still expect some level of privacy, and not have their sessions broadcasted to whoever. However, this is not the case in most hotspot environments., as they are completely open, unencrypted Internet access points.
While connected to an open, unencrypted hotspot network, a hacker can use a simplistic utility to not only list all active web sessions (users connected to the Internet via this unencrypted connection), they can ‘hijack’ any of those sessions. The hacker can access a connected-users state cookie and log in as the user, turned victim. Once logged in, the hacker impersonates the victim and can use the session just as the victim would.
To see just how easy this is to do, you can download a free Firefox browser add-on called ‘Firesheep’. The developers of this utility/add-on did not do so maliciously; they did it to raise the eyebrows of hotspot users. So, how often would you care to allow someone access to your browsing session?
Based on the above, it seems obvious as to what hotspot providers should do, right? Encrypt their connections! Is this a failsafe? By all means…no. However, setting WPA encryption security would provide its users some level of comfort. Not to mention, it’s as simple as making a settings change in the wireless router admin panel.
Ever heard the phrase…low hanging fruit? Hackers will always go to where it is easiest, the unencrypted network. Encrypting hotspots will also reduce the amount of traffic, and dramatically decrease the number of DoS attacks. Both of which can actually save hotspot providers time, and provide a better quality of service, free, or not.